Merge current v2.11 into v3.0

2024-03-12 10:38:29 +01:00 · 2024-03-12 10:38:29 +01:00 · 05be441027
commit 05be441027
parent 6c9687f410 5cf1b95c29
156 changed files with 5826 additions and 8436 deletions
--- a/pkg/api/criterion.go
+++ b/pkg/api/criterion.go
@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"slices"
 	"strconv"
 	"strings"
 )
@ -59,13 +60,9 @@ func (c *searchCriterion) searchIn(values ...string) bool {
 		return true
 	}

-	for _, v := range values {
-		if strings.Contains(strings.ToLower(v), strings.ToLower(c.Search)) {
-			return true
-		}
-	}
-
-	return false
+	return slices.ContainsFunc(values, func(v string) bool {
+		return strings.Contains(strings.ToLower(v), strings.ToLower(c.Search))
+	})
 }

 func (c *searchCriterion) filterService(name string) bool {
--- a/pkg/api/handler.go
+++ b/pkg/api/handler.go
@ -149,7 +149,7 @@ func getProviderName(id string) string {

 func extractType(element interface{}) string {
 	v := reflect.ValueOf(element).Elem()
-	for i := 0; i < v.NumField(); i++ {
+	for i := range v.NumField() {
 		field := v.Field(i)

 		if field.Kind() == reflect.Map && field.Type().Elem() == reflect.TypeOf(dynamic.PluginConf{}) {
--- a/pkg/api/handler_entrypoint_test.go
+++ b/pkg/api/handler_entrypoint_test.go
@ -256,7 +256,7 @@ func TestHandler_EntryPoints(t *testing.T) {

 func generateEntryPoints(nb int) map[string]*static.EntryPoint {
 	eps := make(map[string]*static.EntryPoint, nb)
-	for i := 0; i < nb; i++ {
+	for i := range nb {
 		eps[fmt.Sprintf("ep%2d", i)] = &static.EntryPoint{
 			Address: ":" + strconv.Itoa(i),
 		}
--- a/pkg/api/handler_http_test.go
+++ b/pkg/api/handler_http_test.go
@ -1050,7 +1050,7 @@ func TestHandler_HTTP(t *testing.T) {

 func generateHTTPRouters(nbRouters int) map[string]*runtime.RouterInfo {
 	routers := make(map[string]*runtime.RouterInfo, nbRouters)
-	for i := 0; i < nbRouters; i++ {
+	for i := range nbRouters {
 		routers[fmt.Sprintf("bar%2d@myprovider", i)] = &runtime.RouterInfo{
 			Router: &dynamic.Router{
 				EntryPoints: []string{"web"},
--- a/pkg/api/handler_overview.go
+++ b/pkg/api/handler_overview.go
@ -226,7 +226,7 @@ func getProviders(conf static.Configuration) []string {
 	var providers []string

 	v := reflect.ValueOf(conf.Providers).Elem()
-	for i := 0; i < v.NumField(); i++ {
+	for i := range v.NumField() {
 		field := v.Field(i)
 		if field.Kind() == reflect.Ptr && field.Elem().Kind() == reflect.Struct {
 			if !field.IsNil() {
@ -256,7 +256,7 @@ func getMetrics(conf static.Configuration) string {
 	}

 	v := reflect.ValueOf(conf.Metrics).Elem()
-	for i := 0; i < v.NumField(); i++ {
+	for i := range v.NumField() {
 		field := v.Field(i)
 		if field.Kind() == reflect.Ptr && field.Elem().Kind() == reflect.Struct {
 			if !field.IsNil() {
@ -274,7 +274,7 @@ func getTracing(conf static.Configuration) string {
 	}

 	v := reflect.ValueOf(conf.Tracing).Elem()
-	for i := 0; i < v.NumField(); i++ {
+	for i := range v.NumField() {
 		field := v.Field(i)
 		if field.Kind() == reflect.Ptr && field.Elem().Kind() == reflect.Struct {
 			if !field.IsNil() {
--- a/pkg/collector/hydratation/hydration.go
+++ b/pkg/collector/hydratation/hydration.go
@ -56,7 +56,7 @@ func fill(field reflect.Value) error {
 	case reflect.Int64:
 		switch field.Type() {
 		case reflect.TypeOf(types.Duration(time.Second)):
-			setTyped(field, int64(defaultNumber*int(time.Second)))
+			setTyped(field, types.Duration(defaultNumber*time.Second))
 		default:
 			setTyped(field, int64(defaultNumber))
 		}
@ -93,12 +93,12 @@ func setTyped(field reflect.Value, i interface{}) {
 func setMap(field reflect.Value) error {
 	field.Set(reflect.MakeMap(field.Type()))

-	for i := 0; i < mapItemNumber; i++ {
+	for i := range mapItemNumber {
 		baseKeyName := makeKeyName(field.Type().Elem())
 		key := reflect.ValueOf(fmt.Sprintf("%s%d", baseKeyName, i))

 		// generate value
-		ptrType := reflect.PtrTo(field.Type().Elem())
+		ptrType := reflect.PointerTo(field.Type().Elem())
 		ptrValue := reflect.New(ptrType)
 		if err := fill(ptrValue); err != nil {
 			return err
@ -125,7 +125,7 @@ func makeKeyName(typ reflect.Type) string {
 }

 func setStruct(field reflect.Value) error {
-	for i := 0; i < field.NumField(); i++ {
+	for i := range field.NumField() {
 		fld := field.Field(i)
 		stFld := field.Type().Field(i)

@ -142,7 +142,7 @@ func setStruct(field reflect.Value) error {

 func setSlice(field reflect.Value) error {
 	field.Set(reflect.MakeSlice(field.Type(), sliceItemNumber, sliceItemNumber))
-	for j := 0; j < field.Len(); j++ {
+	for j := range field.Len() {
 		if err := fill(field.Index(j)); err != nil {
 			return err
 		}
--- a/pkg/config/dynamic/config.go
+++ b/pkg/config/dynamic/config.go
@ -24,7 +24,7 @@ type Configuration struct {
 	HTTP *HTTPConfiguration `json:"http,omitempty" toml:"http,omitempty" yaml:"http,omitempty" export:"true"`
 	TCP  *TCPConfiguration  `json:"tcp,omitempty" toml:"tcp,omitempty" yaml:"tcp,omitempty" export:"true"`
 	UDP  *UDPConfiguration  `json:"udp,omitempty" toml:"udp,omitempty" yaml:"udp,omitempty" export:"true"`
-	TLS  *TLSConfiguration  `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"-" export:"true"`
+	TLS  *TLSConfiguration  `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
 }

 // +k8s:deepcopy-gen=true
@ -32,6 +32,6 @@ type Configuration struct {
 // TLSConfiguration contains all the configuration parameters of a TLS connection.
 type TLSConfiguration struct {
 	Certificates []*tls.CertAndStores   `json:"certificates,omitempty"  toml:"certificates,omitempty" yaml:"certificates,omitempty" label:"-" export:"true"`
-	Options      map[string]tls.Options `json:"options,omitempty" toml:"options,omitempty" yaml:"options,omitempty" export:"true"`
+	Options      map[string]tls.Options `json:"options,omitempty" toml:"options,omitempty" yaml:"options,omitempty" label:"-" export:"true"`
 	Stores       map[string]tls.Store   `json:"stores,omitempty" toml:"stores,omitempty" yaml:"stores,omitempty" export:"true"`
 }
--- a/pkg/config/kv/kv.go
+++ b/pkg/config/kv/kv.go
@ -55,7 +55,7 @@ func getFieldNames(rootName string, rootType reflect.Type) []string {
 		return nil
 	}

-	for i := 0; i < rootType.NumField(); i++ {
+	for i := range rootType.NumField() {
 		field := rootType.Field(i)

 		if !parser.IsExported(field) {
--- a/pkg/config/label/label.go
+++ b/pkg/config/label/label.go
@ -12,9 +12,11 @@ func DecodeConfiguration(labels map[string]string) (*dynamic.Configuration, erro
 		HTTP: &dynamic.HTTPConfiguration{},
 		TCP:  &dynamic.TCPConfiguration{},
 		UDP:  &dynamic.UDPConfiguration{},
+		TLS:  &dynamic.TLSConfiguration{},
 	}

-	err := parser.Decode(labels, conf, parser.DefaultRootName, "traefik.http", "traefik.tcp", "traefik.udp")
+	// When decoding the TLS configuration we are making sure that only the default TLS store can be configured.
+	err := parser.Decode(labels, conf, parser.DefaultRootName, "traefik.http", "traefik.tcp", "traefik.udp", "traefik.tls.stores.default")
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/config/label/label_test.go
+++ b/pkg/config/label/label_test.go
@ -9,6 +9,8 @@ import (
 	"github.com/stretchr/testify/require"
 	ptypes "github.com/traefik/paerser/types"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
+	"github.com/traefik/traefik/v3/pkg/tls"
+	"github.com/traefik/traefik/v3/pkg/types"
 )

 func Bool(v bool) *bool       { return &v }
@ -217,6 +219,10 @@ func TestDecodeConfiguration(t *testing.T) {
 		"traefik.udp.routers.Router1.service":                    "foobar",
 		"traefik.udp.services.Service0.loadbalancer.server.Port": "42",
 		"traefik.udp.services.Service1.loadbalancer.server.Port": "42",
+
+		"traefik.tls.stores.default.defaultgeneratedcert.resolver":    "foobar",
+		"traefik.tls.stores.default.defaultgeneratedcert.domain.main": "foobar",
+		"traefik.tls.stores.default.defaultgeneratedcert.domain.sans": "foobar, fiibar",
 	}

 	configuration, err := DecodeConfiguration(labels)
@ -719,6 +725,19 @@ func TestDecodeConfiguration(t *testing.T) {
 				},
 			},
 		},
+		TLS: &dynamic.TLSConfiguration{
+			Stores: map[string]tls.Store{
+				"default": {
+					DefaultGeneratedCert: &tls.GeneratedCert{
+						Resolver: "foobar",
+						Domain: &types.Domain{
+							Main: "foobar",
+							SANs: []string{"foobar", "fiibar"},
+						},
+					},
+				},
+			},
+		},
 	}

 	assert.Nil(t, configuration.HTTP.ServersTransports)
@ -1216,6 +1235,19 @@ func TestEncodeConfiguration(t *testing.T) {
 				},
 			},
 		},
+		TLS: &dynamic.TLSConfiguration{
+			Stores: map[string]tls.Store{
+				"default": {
+					DefaultGeneratedCert: &tls.GeneratedCert{
+						Resolver: "foobar",
+						Domain: &types.Domain{
+							Main: "foobar",
+							SANs: []string{"foobar", "fiibar"},
+						},
+					},
+				},
+			},
+		},
 	}

 	labels, err := EncodeConfiguration(configuration)
@ -1415,6 +1447,10 @@ func TestEncodeConfiguration(t *testing.T) {
 		"traefik.TCP.Services.Service1.LoadBalancer.ServersTransport": "foo",
 		"traefik.TCP.Services.Service1.LoadBalancer.TerminationDelay": "42",

+		"traefik.TLS.Stores.default.DefaultGeneratedCert.Resolver":    "foobar",
+		"traefik.TLS.Stores.default.DefaultGeneratedCert.Domain.Main": "foobar",
+		"traefik.TLS.Stores.default.DefaultGeneratedCert.Domain.SANs": "foobar, fiibar",
+
 		"traefik.UDP.Routers.Router0.EntryPoints":                "foobar, fiibar",
 		"traefik.UDP.Routers.Router0.Service":                    "foobar",
 		"traefik.UDP.Routers.Router1.EntryPoints":                "foobar, fiibar",
--- a/pkg/config/static/entrypoints.go
+++ b/pkg/config/static/entrypoints.go
@ -97,7 +97,7 @@ type RedirectEntryPoint struct {
 func (r *RedirectEntryPoint) SetDefaults() {
 	r.Scheme = "https"
 	r.Permanent = true
-	r.Priority = math.MaxInt32 - 1
+	r.Priority = math.MaxInt - 1
 }

 // TLSConfig is the default TLS configuration for all the routers associated to the concerned entry point.
--- a/pkg/middlewares/accesslog/logger_test.go
+++ b/pkg/middlewares/accesslog/logger_test.go
@ -76,7 +76,7 @@ func TestLogRotation(t *testing.T) {
 	halfDone := make(chan bool)
 	writeDone := make(chan bool)
 	go func() {
-		for i := 0; i < iterations; i++ {
+		for i := range iterations {
 			handler.ServeHTTP(recorder, req)
 			if i == iterations/2 {
 				halfDone <- true
--- a/pkg/middlewares/capture/capture_test.go
+++ b/pkg/middlewares/capture/capture_test.go
@ -149,7 +149,7 @@ func BenchmarkCapture(b *testing.B) {
 			b.ReportAllocs()
 			b.SetBytes(int64(test.size))
 			b.ResetTimer()
-			for i := 0; i < b.N; i++ {
+			for range b.N {
 				runBenchmark(b, test.size, req, handlers)
 			}
 		})
@ -170,7 +170,7 @@ func runBenchmark(b *testing.B, size int, req *http.Request, handler http.Handle

 func generateBytes(length int) []byte {
 	var value []byte
-	for i := 0; i < length; i++ {
+	for i := range length {
 		value = append(value, 0x61+byte(i%26))
 	}
 	return value
--- a/pkg/middlewares/compress/compress_test.go
+++ b/pkg/middlewares/compress/compress_test.go
@ -720,7 +720,7 @@ func BenchmarkCompress(b *testing.B) {
 			}

 			b.ResetTimer()
-			for i := 0; i < b.N; i++ {
+			for range b.N {
 				runBenchmark(b, req, handler)
 			}
 		})
@ -741,7 +741,7 @@ func runBenchmark(b *testing.B, req *http.Request, handler http.Handler) {

 func generateBytes(length int) []byte {
 	var value []byte
-	for i := 0; i < length; i++ {
+	for i := range length {
 		value = append(value, 0x61+byte(i))
 	}
 	return value
--- a/pkg/middlewares/metrics/metrics.go
+++ b/pkg/middlewares/metrics/metrics.go
@ -3,6 +3,7 @@ package metrics
 import (
 	"context"
 	"net/http"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@ -216,12 +217,10 @@ func grpcStatusCode(rw http.ResponseWriter) int {

 func containsHeader(req *http.Request, name, value string) bool {
 	items := strings.Split(req.Header.Get(name), ",")
-	for _, item := range items {
-		if value == strings.ToLower(strings.TrimSpace(item)) {
-			return true
-		}
-	}
-	return false
+
+	return slices.ContainsFunc(items, func(item string) bool {
+		return value == strings.ToLower(strings.TrimSpace(item))
+	})
 }

 // getMethod returns the request's method.
--- a/pkg/middlewares/requestdecorator/hostresolver.go
+++ b/pkg/middlewares/requestdecorator/hostresolver.go
@ -49,7 +49,7 @@ func (hr *Resolver) CNAMEFlatten(ctx context.Context, host string) string {

 	logger := log.Ctx(ctx)
 	cacheDuration := 0 * time.Second
-	for depth := 0; depth < hr.ResolvDepth; depth++ {
+	for depth := range hr.ResolvDepth {
 		resolv, err := cnameResolve(ctx, request, hr.ResolvConfig)
 		if err != nil {
 			logger.Error().Err(err).Send()
--- a/pkg/middlewares/retry/retry_test.go
+++ b/pkg/middlewares/retry/retry_test.go
@ -203,7 +203,7 @@ func TestMultipleRetriesShouldNotLooseHeaders(t *testing.T) {
 	}

 	// Validate that we don't have headers from previous attempts
-	for i := 0; i < attempt; i++ {
+	for i := range attempt {
 		headerName := fmt.Sprintf("X-Foo-Test-%d", i)
 		headerValue = responseRecorder.Header().Get("headerName")
 		if headerValue != "" {
--- a/pkg/provider/acme/challenge_tls.go
+++ b/pkg/provider/acme/challenge_tls.go
@ -2,6 +2,7 @@ package acme

 import (
 	"fmt"
+	"slices"
 	"sync"
 	"time"

@ -119,7 +120,7 @@ func (c *ChallengeTLSALPN) ListenConfiguration(conf dynamic.Configuration) {
 	c.muChans.Lock()

 	for _, certificate := range conf.TLS.Certificates {
-		if !containsACMETLS1(certificate.Stores) {
+		if !slices.Contains(certificate.Stores, tlsalpn01.ACMETLS1Protocol) {
 			continue
 		}

@ -162,13 +163,3 @@ func createMessage(certs map[string]*Certificate) dynamic.Message {

 	return conf
 }
-
-func containsACMETLS1(stores []string) bool {
-	for _, store := range stores {
-		if store == tlsalpn01.ACMETLS1Protocol {
-			return true
-		}
-	}
-
-	return false
-}
--- a/pkg/provider/acme/provider.go
+++ b/pkg/provider/acme/provider.go
@ -33,9 +33,6 @@ import (

 const resolverSuffix = ".acme"

-// ocspMustStaple enables OCSP stapling as from https://github.com/go-acme/lego/issues/270.
-var ocspMustStaple = false
-
 // Configuration holds ACME configuration provided by users.
 type Configuration struct {
 	Email                string `description:"Email address used for registration." json:"email,omitempty" toml:"email,omitempty" yaml:"email,omitempty"`
@ -427,7 +424,7 @@ func (p *Provider) watchNewDomains(ctx context.Context) {

 						if len(route.TLS.Domains) > 0 {
 							domains := deleteUnnecessaryDomains(ctxRouter, route.TLS.Domains)
-							for i := 0; i < len(domains); i++ {
+							for i := range len(domains) {
 								domain := domains[i]
 								safe.Go(func() {
 									dom, cert, err := p.resolveCertificate(ctx, domain, traefiktls.DefaultTLSStoreName)
@ -464,7 +461,7 @@ func (p *Provider) watchNewDomains(ctx context.Context) {

 						if len(route.TLS.Domains) > 0 {
 							domains := deleteUnnecessaryDomains(ctxRouter, route.TLS.Domains)
-							for i := 0; i < len(domains); i++ {
+							for i := range len(domains) {
 								domain := domains[i]
 								safe.Go(func() {
 									dom, cert, err := p.resolveCertificate(ctx, domain, traefiktls.DefaultTLSStoreName)
@ -585,7 +582,6 @@ func (p *Provider) resolveDefaultCertificate(ctx context.Context, domains []stri
 	request := certificate.ObtainRequest{
 		Domains:        domains,
 		Bundle:         true,
-		MustStaple:     ocspMustStaple,
 		PreferredChain: p.PreferredChain,
 	}

@ -630,7 +626,6 @@ func (p *Provider) resolveCertificate(ctx context.Context, domain types.Domain,
 	request := certificate.ObtainRequest{
 		Domains:        domains,
 		Bundle:         true,
-		MustStaple:     ocspMustStaple,
 		PreferredChain: p.PreferredChain,
 	}

@ -821,11 +816,18 @@ func (p *Provider) renewCertificates(ctx context.Context, renewPeriod time.Durat

 		logger.Info().Msgf("Renewing certificate from LE : %+v", cert.Domain)

-		renewedCert, err := client.Certificate.Renew(certificate.Resource{
+		res := certificate.Resource{
 			Domain:      cert.Domain.Main,
 			PrivateKey:  cert.Key,
 			Certificate: cert.Certificate.Certificate,
-		}, true, ocspMustStaple, p.PreferredChain)
+		}
+
+		opts := &certificate.RenewOptions{
+			Bundle:         true,
+			PreferredChain: p.PreferredChain,
+		}
+
+		renewedCert, err := client.Certificate.RenewWithOptions(res, opts)
 		if err != nil {
 			logger.Error().Err(err).Msgf("Error renewing certificate from LE: %v", cert.Domain)
 			continue
--- a/pkg/provider/configuration.go
+++ b/pkg/provider/configuration.go
@ -13,9 +13,10 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
 	"github.com/traefik/traefik/v3/pkg/logs"
+	"github.com/traefik/traefik/v3/pkg/tls"
 )

-// Merge Merges multiple configurations.
+// Merge merges multiple configurations.
 func Merge(ctx context.Context, configurations map[string]*dynamic.Configuration) *dynamic.Configuration {
 	logger := log.Ctx(ctx)

@ -36,6 +37,9 @@ func Merge(ctx context.Context, configurations map[string]*dynamic.Configuration
 			Routers:  make(map[string]*dynamic.UDPRouter),
 			Services: make(map[string]*dynamic.UDPService),
 		},
+		TLS: &dynamic.TLSConfiguration{
+			Stores: make(map[string]tls.Store),
+		},
 	}

 	servicesToDelete := map[string]struct{}{}
@ -68,6 +72,9 @@ func Merge(ctx context.Context, configurations map[string]*dynamic.Configuration
 	transportsTCPToDelete := map[string]struct{}{}
 	transportsTCP := map[string][]string{}

+	storesToDelete := map[string]struct{}{}
+	stores := map[string][]string{}
+
 	var sortedKeys []string
 	for key := range configurations {
 		sortedKeys = append(sortedKeys, key)
@ -145,6 +152,13 @@ func Merge(ctx context.Context, configurations map[string]*dynamic.Configuration
 				middlewaresTCPToDelete[middlewareName] = struct{}{}
 			}
 		}
+
+		for storeName, store := range conf.TLS.Stores {
+			stores[storeName] = append(stores[storeName], root)
+			if !AddStore(configuration.TLS, storeName, store) {
+				storesToDelete[storeName] = struct{}{}
+			}
+		}
 	}

 	for serviceName := range servicesToDelete {
@ -217,6 +231,12 @@ func Merge(ctx context.Context, configurations map[string]*dynamic.Configuration
 		delete(configuration.TCP.Middlewares, middlewareName)
 	}

+	for storeName := range storesToDelete {
+		logger.Error().Str("storeName", storeName).
+			Msgf("TLS store defined multiple times with different configurations in %v", stores[storeName])
+		delete(configuration.TLS.Stores, storeName)
+	}
+
 	return configuration
 }

@ -365,7 +385,17 @@ func AddMiddleware(configuration *dynamic.HTTPConfiguration, middlewareName stri
 	return reflect.DeepEqual(configuration.Middlewares[middlewareName], middleware)
 }

-// MakeDefaultRuleTemplate Creates the default rule template.
+// AddStore adds a middleware to a configurations.
+func AddStore(configuration *dynamic.TLSConfiguration, storeName string, store tls.Store) bool {
+	if _, ok := configuration.Stores[storeName]; !ok {
+		configuration.Stores[storeName] = store
+		return true
+	}
+
+	return reflect.DeepEqual(configuration.Stores[storeName], store)
+}
+
+// MakeDefaultRuleTemplate creates the default rule template.
 func MakeDefaultRuleTemplate(defaultRule string, funcMap template.FuncMap) (*template.Template, error) {
 	defaultFuncMap := sprig.TxtFuncMap()
 	defaultFuncMap["normalize"] = Normalize
@ -377,7 +407,7 @@ func MakeDefaultRuleTemplate(defaultRule string, funcMap template.FuncMap) (*tem
 	return template.New("defaultRule").Funcs(defaultFuncMap).Parse(defaultRule)
 }

-// BuildTCPRouterConfiguration Builds a router configuration.
+// BuildTCPRouterConfiguration builds a router configuration.
 func BuildTCPRouterConfiguration(ctx context.Context, configuration *dynamic.TCPConfiguration) {
 	for routerName, router := range configuration.Routers {
 		loggerRouter := log.Ctx(ctx).With().Str(logs.RouterName, routerName).Logger()
@ -403,7 +433,7 @@ func BuildTCPRouterConfiguration(ctx context.Context, configuration *dynamic.TCP
 	}
 }

-// BuildUDPRouterConfiguration Builds a router configuration.
+// BuildUDPRouterConfiguration builds a router configuration.
 func BuildUDPRouterConfiguration(ctx context.Context, configuration *dynamic.UDPConfiguration) {
 	for routerName, router := range configuration.Routers {
 		loggerRouter := log.Ctx(ctx).With().Str(logs.RouterName, routerName).Logger()
@ -426,7 +456,7 @@ func BuildUDPRouterConfiguration(ctx context.Context, configuration *dynamic.UDP
 	}
 }

-// BuildRouterConfiguration Builds a router configuration.
+// BuildRouterConfiguration builds a router configuration.
 func BuildRouterConfiguration(ctx context.Context, configuration *dynamic.HTTPConfiguration, defaultRouterName string, defaultRuleTpl *template.Template, model interface{}) {
 	if len(configuration.Routers) == 0 {
 		if len(configuration.Services) > 1 {
@ -474,7 +504,7 @@ func BuildRouterConfiguration(ctx context.Context, configuration *dynamic.HTTPCo
 	}
 }

-// Normalize Replace all special chars with `-`.
+// Normalize replaces all special chars with `-`.
 func Normalize(name string) string {
 	fargs := func(c rune) bool {
 		return !unicode.IsLetter(c) && !unicode.IsNumber(c)
--- a/pkg/provider/constraints/constraints_tags.go
+++ b/pkg/provider/constraints/constraints_tags.go
@ -3,6 +3,7 @@ package constraints
 import (
 	"errors"
 	"regexp"
+	"slices"

 	"github.com/vulcand/predicate"
 )
@ -47,12 +48,7 @@ func MatchTags(tags []string, expr string) (bool, error) {

 func tagFn(name string) constraintTagFunc {
 	return func(tags []string) bool {
-		for _, tag := range tags {
-			if tag == name {
-				return true
-			}
-		}
-		return false
+		return slices.Contains(tags, name)
 	}
 }

@ -63,13 +59,9 @@ func tagRegexFn(expr string) constraintTagFunc {
 			return false
 		}

-		for _, tag := range tags {
-			if exp.MatchString(tag) {
-				return true
-			}
-		}
-
-		return false
+		return slices.ContainsFunc(tags, func(tag string) bool {
+			return exp.MatchString(tag)
+		})
 	}
 }

--- a/pkg/provider/consulcatalog/config_test.go
+++ b/pkg/provider/consulcatalog/config_test.go
@ -76,6 +76,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -131,6 +134,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -178,6 +184,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -225,6 +234,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -278,6 +290,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 	}
@ -299,7 +314,7 @@ func TestDefaultRule(t *testing.T) {
 			err := p.Init()
 			require.NoError(t, err)

-			for i := 0; i < len(test.items); i++ {
+			for i := range len(test.items) {
 				var err error
 				test.items[i].ExtraConf, err = p.getExtraConf(test.items[i].Labels)
 				require.NoError(t, err)
@ -370,6 +385,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -444,6 +462,9 @@ func Test_buildConfiguration(t *testing.T) {
 						},
 					},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -535,6 +556,9 @@ func Test_buildConfiguration(t *testing.T) {
 						},
 					},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -614,6 +638,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -678,6 +705,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -739,6 +769,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -803,6 +836,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -856,6 +892,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -910,6 +949,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -962,6 +1004,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1015,6 +1060,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1077,6 +1125,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1125,6 +1176,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1184,6 +1238,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1250,6 +1307,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1309,6 +1369,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1380,6 +1443,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1445,6 +1511,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1526,6 +1595,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1587,6 +1659,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1662,6 +1737,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1729,6 +1807,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1782,6 +1863,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1836,6 +1920,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1897,6 +1984,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1928,6 +2018,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1960,6 +2053,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1992,6 +2088,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2024,6 +2123,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2058,6 +2160,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2112,6 +2217,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2176,6 +2284,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2233,6 +2344,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2307,6 +2421,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2355,6 +2472,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2398,6 +2518,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2451,6 +2574,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2500,6 +2626,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2591,6 +2720,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2679,6 +2811,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2722,6 +2857,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2765,6 +2903,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2809,6 +2950,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2915,6 +3059,9 @@ func Test_buildConfiguration(t *testing.T) {
 						},
 					},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2990,6 +3137,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3065,6 +3215,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3117,6 +3270,78 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
+			},
+		},
+		{
+			desc: "one container with default generated certificate labels",
+			items: []itemData{
+				{
+					ID:   "Test",
+					Node: "Node1",
+					Name: "dev/Test",
+					Labels: map[string]string{
+						"traefik.tls.stores.default.defaultgeneratedcert.resolver":    "foobar",
+						"traefik.tls.stores.default.defaultgeneratedcert.domain.main": "foobar",
+						"traefik.tls.stores.default.defaultgeneratedcert.domain.sans": "foobar, fiibar",
+					},
+					Address: "127.0.0.1",
+					Port:    "80",
+					Status:  api.HealthPassing,
+				},
+			},
+			expected: &dynamic.Configuration{
+				TCP: &dynamic.TCPConfiguration{
+					Routers:           map[string]*dynamic.TCPRouter{},
+					Middlewares:       map[string]*dynamic.TCPMiddleware{},
+					Services:          map[string]*dynamic.TCPService{},
+					ServersTransports: map[string]*dynamic.TCPServersTransport{},
+				},
+				UDP: &dynamic.UDPConfiguration{
+					Routers:  map[string]*dynamic.UDPRouter{},
+					Services: map[string]*dynamic.UDPService{},
+				},
+				HTTP: &dynamic.HTTPConfiguration{
+					Routers: map[string]*dynamic.Router{
+						"dev-Test": {
+							Service:     "dev-Test",
+							Rule:        "Host(`dev-Test.traefik.wtf`)",
+							DefaultRule: true,
+						},
+					},
+					Middlewares: map[string]*dynamic.Middleware{},
+					Services: map[string]*dynamic.Service{
+						"dev-Test": {
+							LoadBalancer: &dynamic.ServersLoadBalancer{
+								Servers: []dynamic.Server{
+									{
+										URL: "http://127.0.0.1:80",
+									},
+								},
+								PassHostHeader: Bool(true),
+								ResponseForwarding: &dynamic.ResponseForwarding{
+									FlushInterval: ptypes.Duration(100 * time.Millisecond),
+								},
+							},
+						},
+					},
+					ServersTransports: map[string]*dynamic.ServersTransport{},
+				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{
+						"default": {
+							DefaultGeneratedCert: &tls.GeneratedCert{
+								Resolver: "foobar",
+								Domain: &types.Domain{
+									Main: "foobar",
+									SANs: []string{"foobar", "fiibar"},
+								},
+							},
+						},
+					},
+				},
 			},
 		},
 	}
@ -3141,7 +3366,7 @@ func Test_buildConfiguration(t *testing.T) {
 			err := p.Init()
 			require.NoError(t, err)

-			for i := 0; i < len(test.items); i++ {
+			for i := range len(test.items) {
 				var err error
 				test.items[i].ExtraConf, err = p.getExtraConf(test.items[i].Labels)
 				require.NoError(t, err)
@ -3297,6 +3522,9 @@ func TestFilterHealthStatuses(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3331,6 +3559,9 @@ func TestFilterHealthStatuses(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3394,6 +3625,9 @@ func TestFilterHealthStatuses(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3484,6 +3718,9 @@ func TestFilterHealthStatuses(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3619,6 +3856,9 @@ func TestFilterHealthStatuses(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 	}
--- a/pkg/provider/docker/config_test.go
+++ b/pkg/provider/docker/config_test.go
@ -13,6 +13,8 @@ import (
 	"github.com/stretchr/testify/require"
 	ptypes "github.com/traefik/paerser/types"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
+	"github.com/traefik/traefik/v3/pkg/tls"
+	"github.com/traefik/traefik/v3/pkg/types"
 )

 func TestDynConfBuilder_DefaultRule(t *testing.T) {
@ -80,6 +82,9 @@ func TestDynConfBuilder_DefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -140,6 +145,9 @@ func TestDynConfBuilder_DefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -202,6 +210,9 @@ func TestDynConfBuilder_DefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -256,6 +267,9 @@ func TestDynConfBuilder_DefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -310,6 +324,9 @@ func TestDynConfBuilder_DefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -370,6 +387,9 @@ func TestDynConfBuilder_DefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 	}
@ -389,7 +409,7 @@ func TestDynConfBuilder_DefaultRule(t *testing.T) {
 			err := p.Init()
 			require.NoError(t, err)

-			for i := 0; i < len(test.containers); i++ {
+			for i := range len(test.containers) {
 				var err error
 				test.containers[i].ExtraConf, err = p.extractLabels(test.containers[i])
 				require.NoError(t, err)
@ -452,6 +472,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -493,6 +516,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -534,6 +560,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -593,6 +622,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -686,6 +718,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -766,6 +801,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -827,6 +865,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -889,6 +930,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -949,6 +993,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1010,6 +1057,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1080,6 +1130,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1141,6 +1194,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1208,6 +1264,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1294,6 +1353,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1378,6 +1440,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1445,6 +1510,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1535,6 +1603,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1619,6 +1690,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1725,6 +1799,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1803,6 +1880,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1903,6 +1983,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1986,6 +2069,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2072,6 +2158,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2133,6 +2222,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2195,6 +2287,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2264,6 +2359,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2301,6 +2399,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2340,6 +2441,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2381,6 +2485,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2409,6 +2516,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2453,6 +2563,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2484,6 +2597,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2525,6 +2641,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2556,6 +2675,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2596,6 +2718,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2638,6 +2763,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2700,6 +2828,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2772,6 +2903,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2837,6 +2971,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2895,6 +3032,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2951,6 +3091,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3002,6 +3145,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3063,6 +3209,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3120,6 +3269,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3225,6 +3377,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3276,6 +3431,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3328,6 +3486,9 @@ func TestDynConfBuilder_build(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3397,6 +3558,92 @@ func TestDynConfBuilder_build(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
+			},
+		},
+		{
+			desc: "one container with default generated certificate labels",
+			containers: []dockerData{
+				{
+					ServiceName: "Test",
+					Name:        "Test",
+					Labels: map[string]string{
+						"traefik.tls.stores.default.defaultgeneratedcert.resolver":    "foobar",
+						"traefik.tls.stores.default.defaultgeneratedcert.domain.main": "foobar",
+						"traefik.tls.stores.default.defaultgeneratedcert.domain.sans": "foobar, fiibar",
+					},
+					NetworkSettings: networkSettings{
+						Ports: nat.PortMap{
+							nat.Port("79/tcp"): []nat.PortBinding{{
+								HostIP:   "192.168.0.1",
+								HostPort: "8080",
+							}},
+							nat.Port("80/tcp"): []nat.PortBinding{{
+								HostIP:   "192.168.0.1",
+								HostPort: "8081",
+							}},
+						},
+						Networks: map[string]*networkData{
+							"bridge": {
+								Name: "bridge",
+								Addr: "127.0.0.1",
+							},
+						},
+					},
+				},
+			},
+			expected: &dynamic.Configuration{
+				HTTP: &dynamic.HTTPConfiguration{
+					Routers: map[string]*dynamic.Router{
+						"Test": {
+							Service:     "Test",
+							Rule:        "Host(`Test.traefik.wtf`)",
+							DefaultRule: true,
+						},
+					},
+					Middlewares: map[string]*dynamic.Middleware{},
+					Services: map[string]*dynamic.Service{
+						"Test": {
+							LoadBalancer: &dynamic.ServersLoadBalancer{
+								Servers: []dynamic.Server{
+									{
+										URL: "http://127.0.0.1:79",
+									},
+								},
+								PassHostHeader: Bool(true),
+								ResponseForwarding: &dynamic.ResponseForwarding{
+									FlushInterval: ptypes.Duration(100 * time.Millisecond),
+								},
+							},
+						},
+					},
+					ServersTransports: map[string]*dynamic.ServersTransport{},
+				},
+				TCP: &dynamic.TCPConfiguration{
+					Routers:           map[string]*dynamic.TCPRouter{},
+					Middlewares:       map[string]*dynamic.TCPMiddleware{},
+					Services:          map[string]*dynamic.TCPService{},
+					ServersTransports: map[string]*dynamic.TCPServersTransport{},
+				},
+				UDP: &dynamic.UDPConfiguration{
+					Routers:  map[string]*dynamic.UDPRouter{},
+					Services: map[string]*dynamic.UDPService{},
+				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{
+						"default": {
+							DefaultGeneratedCert: &tls.GeneratedCert{
+								Resolver: "foobar",
+								Domain: &types.Domain{
+									Main: "foobar",
+									SANs: []string{"foobar", "fiibar"},
+								},
+							},
+						},
+					},
+				},
 			},
 		},
 	}
@ -3420,7 +3667,7 @@ func TestDynConfBuilder_build(t *testing.T) {
 			err := p.Init()
 			require.NoError(t, err)

-			for i := 0; i < len(test.containers); i++ {
+			for i := range len(test.containers) {
 				var err error
 				test.containers[i].ExtraConf, err = p.extractLabels(test.containers[i])
 				require.NoError(t, err)
--- a/pkg/provider/ecs/config_test.go
+++ b/pkg/provider/ecs/config_test.go
@ -10,6 +10,8 @@ import (
 	"github.com/stretchr/testify/require"
 	ptypes "github.com/traefik/paerser/types"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
+	"github.com/traefik/traefik/v3/pkg/tls"
+	"github.com/traefik/traefik/v3/pkg/types"
 )

 func Int(v int) *int    { return &v }
@ -76,6 +78,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -131,6 +136,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -188,6 +196,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -237,6 +248,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -286,6 +300,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -341,6 +358,9 @@ func TestDefaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 	}
@ -359,7 +379,7 @@ func TestDefaultRule(t *testing.T) {
 			err := p.Init()
 			require.NoError(t, err)

-			for i := 0; i < len(test.instances); i++ {
+			for i := range len(test.instances) {
 				var err error
 				test.instances[i].ExtraConf, err = p.getConfiguration(test.instances[i])
 				require.NoError(t, err)
@ -413,6 +433,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -449,6 +472,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -485,6 +511,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -539,6 +568,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -622,6 +654,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -692,6 +727,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -748,6 +786,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -805,6 +846,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -860,6 +904,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -916,6 +963,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -981,6 +1031,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1037,6 +1090,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1094,6 +1150,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1165,6 +1224,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1239,6 +1301,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1301,6 +1366,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1381,6 +1449,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1455,6 +1526,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1546,6 +1620,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1614,6 +1691,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1699,6 +1779,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1773,6 +1856,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1849,6 +1935,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1905,6 +1994,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1962,6 +2054,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2019,6 +2114,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2097,6 +2195,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2161,6 +2262,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2193,6 +2297,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2227,6 +2334,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2263,6 +2373,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2300,6 +2413,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2336,6 +2452,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2373,6 +2492,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2430,6 +2552,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2497,6 +2622,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2557,6 +2685,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2610,6 +2741,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2661,6 +2795,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2707,6 +2844,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2763,6 +2903,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2815,6 +2958,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2910,6 +3056,9 @@ func Test_buildConfiguration(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2956,6 +3105,9 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -3003,6 +3155,80 @@ func Test_buildConfiguration(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
+			},
+		},
+		{
+			desc: "one container with default generated certificate",
+			containers: []ecsInstance{
+				instance(
+					name("Test"),
+					labels(map[string]string{
+						"traefik.tls.stores.default.defaultgeneratedcert.resolver":    "foobar",
+						"traefik.tls.stores.default.defaultgeneratedcert.domain.main": "foobar",
+						"traefik.tls.stores.default.defaultgeneratedcert.domain.sans": "foobar, fiibar",
+					}),
+					iMachine(
+						mState(ec2.InstanceStateNameRunning),
+						mPrivateIP("127.0.0.1"),
+						mPorts(
+							mPort(0, 80, "tcp"),
+						),
+					),
+				),
+			},
+			expected: &dynamic.Configuration{
+				TCP: &dynamic.TCPConfiguration{
+					Routers:           map[string]*dynamic.TCPRouter{},
+					Middlewares:       map[string]*dynamic.TCPMiddleware{},
+					Services:          map[string]*dynamic.TCPService{},
+					ServersTransports: map[string]*dynamic.TCPServersTransport{},
+				},
+				UDP: &dynamic.UDPConfiguration{
+					Routers:  map[string]*dynamic.UDPRouter{},
+					Services: map[string]*dynamic.UDPService{},
+				},
+				HTTP: &dynamic.HTTPConfiguration{
+					Routers: map[string]*dynamic.Router{
+						"Test": {
+							Service:     "Test",
+							Rule:        "Host(`Test.traefik.wtf`)",
+							DefaultRule: true,
+						},
+					},
+					Middlewares: map[string]*dynamic.Middleware{},
+					Services: map[string]*dynamic.Service{
+						"Test": {
+							LoadBalancer: &dynamic.ServersLoadBalancer{
+								Servers: []dynamic.Server{
+									{
+										URL: "http://127.0.0.1:80",
+									},
+								},
+								PassHostHeader: Bool(true),
+								ResponseForwarding: &dynamic.ResponseForwarding{
+									FlushInterval: ptypes.Duration(100 * time.Millisecond),
+								},
+							},
+						},
+					},
+					ServersTransports: map[string]*dynamic.ServersTransport{},
+				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{
+						"default": {
+							DefaultGeneratedCert: &tls.GeneratedCert{
+								Resolver: "foobar",
+								Domain: &types.Domain{
+									Main: "foobar",
+									SANs: []string{"foobar", "fiibar"},
+								},
+							},
+						},
+					},
+				},
 			},
 		},
 	}
@ -3022,7 +3248,7 @@ func Test_buildConfiguration(t *testing.T) {
 			err := p.Init()
 			require.NoError(t, err)

-			for i := 0; i < len(test.containers); i++ {
+			for i := range len(test.containers) {
 				var err error
 				test.containers[i].ExtraConf, err = p.getConfiguration(test.containers[i])
 				require.NoError(t, err)
--- a/pkg/provider/ecs/ecs.go
+++ b/pkg/provider/ecs/ecs.go
@ -402,7 +402,7 @@ func (p *Provider) listInstances(ctx context.Context, client *awsClient) ([]ecsI
 }

 func (p *Provider) lookupMiInstances(ctx context.Context, client *awsClient, clusterName *string, ecsDatas map[string]*ecs.Task) (map[string]*ssm.InstanceInformation, error) {
-	instanceIds := make(map[string]string)
+	instanceIDs := make(map[string]string)
 	miInstances := make(map[string]*ssm.InstanceInformation)

 	var containerInstancesArns []*string
@ -424,7 +424,7 @@ func (p *Provider) lookupMiInstances(ctx context.Context, client *awsClient, clu
 		}

 		for _, container := range resp.ContainerInstances {
-			instanceIds[aws.StringValue(container.Ec2InstanceId)] = aws.StringValue(container.ContainerInstanceArn)
+			instanceIDs[aws.StringValue(container.Ec2InstanceId)] = aws.StringValue(container.ContainerInstanceArn)

 			// Disallow EC2 Instance IDs
 			// This prevents considering EC2 instances in ECS
@ -452,7 +452,7 @@ func (p *Provider) lookupMiInstances(ctx context.Context, client *awsClient, clu
 				if len(page.InstanceInformationList) > 0 {
 					for _, i := range page.InstanceInformationList {
 						if i.InstanceId != nil {
-							miInstances[instanceIds[aws.StringValue(i.InstanceId)]] = i
+							miInstances[instanceIDs[aws.StringValue(i.InstanceId)]] = i
 						}
 					}
 				}
@ -468,7 +468,7 @@ func (p *Provider) lookupMiInstances(ctx context.Context, client *awsClient, clu
 }

 func (p *Provider) lookupEc2Instances(ctx context.Context, client *awsClient, clusterName *string, ecsDatas map[string]*ecs.Task) (map[string]*ec2.Instance, error) {
-	instanceIds := make(map[string]string)
+	instanceIDs := make(map[string]string)
 	ec2Instances := make(map[string]*ec2.Instance)

 	var containerInstancesArns []*string
@ -490,7 +490,7 @@ func (p *Provider) lookupEc2Instances(ctx context.Context, client *awsClient, cl
 		}

 		for _, container := range resp.ContainerInstances {
-			instanceIds[aws.StringValue(container.Ec2InstanceId)] = aws.StringValue(container.ContainerInstanceArn)
+			instanceIDs[aws.StringValue(container.Ec2InstanceId)] = aws.StringValue(container.ContainerInstanceArn)
 			// Disallow Instance IDs of the form mi-*
 			// This prevents considering external instances in ECS Anywhere setups
 			// and getting InvalidInstanceID.Malformed error when calling the describe-instances endpoint.
@ -513,7 +513,7 @@ func (p *Provider) lookupEc2Instances(ctx context.Context, client *awsClient, cl
 					for _, r := range page.Reservations {
 						for _, i := range r.Instances {
 							if i.InstanceId != nil {
-								ec2Instances[instanceIds[aws.StringValue(i.InstanceId)]] = i
+								ec2Instances[instanceIDs[aws.StringValue(i.InstanceId)]] = i
 							}
 						}
 					}
--- a/pkg/provider/ecs/ecs_test.go
+++ b/pkg/provider/ecs/ecs_test.go
@ -73,7 +73,7 @@ func TestChunkIDs(t *testing.T) {
 			t.Parallel()

 			var IDs []*string
-			for v := 0; v < test.count; v++ {
+			for range test.count {
 				IDs = append(IDs, aws.String("a"))
 			}

--- a/pkg/provider/kubernetes/crd/client.go
+++ b/pkg/provider/kubernetes/crd/client.go
@ -6,6 +6,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"slices"
 	"time"

 	"github.com/rs/zerolog/log"
@ -469,12 +470,8 @@ func (c *clientWrapper) isWatchedNamespace(ns string) bool {
 	if c.isNamespaceAll {
 		return true
 	}
-	for _, watchedNamespace := range c.watchedNamespaces {
-		if watchedNamespace == ns {
-			return true
-		}
-	}
-	return false
+
+	return slices.Contains(c.watchedNamespaces, ns)
 }

 // translateNotFoundError will translate a "not found" error to a boolean return
--- a/pkg/provider/kubernetes/gateway/client.go
+++ b/pkg/provider/kubernetes/gateway/client.go
@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"slices"
 	"time"

 	"github.com/rs/zerolog/log"
@ -567,10 +568,6 @@ func (c *clientWrapper) isWatchedNamespace(ns string) bool {
 	if c.isNamespaceAll {
 		return true
 	}
-	for _, watchedNamespace := range c.watchedNamespaces {
-		if watchedNamespace == ns {
-			return true
-		}
-	}
-	return false
+
+	return slices.Contains(c.watchedNamespaces, ns)
 }
--- a/pkg/provider/kubernetes/ingress/client.go
+++ b/pkg/provider/kubernetes/ingress/client.go
@ -7,6 +7,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"slices"
 	"time"

 	"github.com/hashicorp/go-version"
@ -394,12 +395,8 @@ func (c *clientWrapper) isWatchedNamespace(ns string) bool {
 	if c.isNamespaceAll {
 		return true
 	}
-	for _, watchedNamespace := range c.watchedNamespaces {
-		if watchedNamespace == ns {
-			return true
-		}
-	}
-	return false
+
+	return slices.Contains(c.watchedNamespaces, ns)
 }

 // filterIngressClassByName return a slice containing ingressclasses with the correct name.
--- a/pkg/provider/kubernetes/ingress/kubernetes.go
+++ b/pkg/provider/kubernetes/ingress/kubernetes.go
@ -9,6 +9,7 @@ import (
 	"net"
 	"os"
 	"regexp"
+	"slices"
 	"sort"
 	"strconv"
 	"strings"
@ -418,13 +419,9 @@ func (p *Provider) updateIngressStatus(ing *netv1.Ingress, k8sClient Client) err
 func (p *Provider) shouldProcessIngress(ingress *netv1.Ingress, ingressClasses []*netv1.IngressClass) bool {
 	// configuration through the new kubernetes ingressClass
 	if ingress.Spec.IngressClassName != nil {
-		for _, ic := range ingressClasses {
-			if *ingress.Spec.IngressClassName == ic.ObjectMeta.Name {
-				return true
-			}
-		}
-
-		return false
+		return slices.ContainsFunc(ingressClasses, func(ic *netv1.IngressClass) bool {
+			return *ingress.Spec.IngressClassName == ic.ObjectMeta.Name
+		})
 	}

 	return p.IngressClass == ingress.Annotations[annotationKubernetesIngressClass] ||
--- a/pkg/provider/nomad/config_test.go
+++ b/pkg/provider/nomad/config_test.go
@ -9,6 +9,8 @@ import (
 	"github.com/stretchr/testify/require"
 	ptypes "github.com/traefik/paerser/types"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
+	"github.com/traefik/traefik/v3/pkg/tls"
+	"github.com/traefik/traefik/v3/pkg/types"
 )

 func Test_defaultRule(t *testing.T) {
@ -68,6 +70,9 @@ func Test_defaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -123,6 +128,9 @@ func Test_defaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -169,6 +177,9 @@ func Test_defaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -221,6 +232,9 @@ func Test_defaultRule(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 	}
@ -296,6 +310,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -373,6 +390,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -437,6 +457,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -498,6 +521,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -562,6 +588,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -615,6 +644,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -669,6 +701,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -721,6 +756,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -774,6 +812,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -836,6 +877,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -885,6 +929,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -944,6 +991,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1010,6 +1060,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1069,6 +1122,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1141,6 +1197,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1207,6 +1266,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1267,6 +1329,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1332,6 +1397,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1385,6 +1453,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1439,6 +1510,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1500,6 +1574,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1531,6 +1608,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1563,6 +1643,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1596,6 +1679,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1630,6 +1716,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1684,6 +1773,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1748,6 +1840,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1805,6 +1900,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1855,6 +1953,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1903,6 +2004,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1946,6 +2050,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -1999,6 +2106,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2048,6 +2158,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2139,6 +2252,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2227,6 +2343,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2270,6 +2389,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2313,6 +2435,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2357,6 +2482,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2445,6 +2573,9 @@ func Test_buildConfig(t *testing.T) {
 					},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2522,6 +2653,9 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
 			},
 		},
 		{
@ -2599,6 +2733,78 @@ func Test_buildConfig(t *testing.T) {
 					Services:          map[string]*dynamic.Service{},
 					ServersTransports: map[string]*dynamic.ServersTransport{},
 				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{},
+				},
+			},
+		},
+		{
+			desc: "one service with default generated certificate tags",
+			items: []item{
+				{
+					ID:        "id",
+					Node:      "Node1",
+					Name:      "dev/Test",
+					Address:   "127.0.0.1",
+					Port:      9999,
+					ExtraConf: configuration{Enable: true},
+					Tags: []string{
+						"traefik.tls.stores.default.defaultgeneratedcert.resolver = foobar",
+						"traefik.tls.stores.default.defaultgeneratedcert.domain.main = foobar",
+						"traefik.tls.stores.default.defaultgeneratedcert.domain.sans = foobar, fiibar",
+					},
+				},
+			},
+			expected: &dynamic.Configuration{
+				TCP: &dynamic.TCPConfiguration{
+					Routers:           map[string]*dynamic.TCPRouter{},
+					Middlewares:       map[string]*dynamic.TCPMiddleware{},
+					Services:          map[string]*dynamic.TCPService{},
+					ServersTransports: map[string]*dynamic.TCPServersTransport{},
+				},
+				UDP: &dynamic.UDPConfiguration{
+					Routers:  map[string]*dynamic.UDPRouter{},
+					Services: map[string]*dynamic.UDPService{},
+				},
+				HTTP: &dynamic.HTTPConfiguration{
+					Routers: map[string]*dynamic.Router{
+						"dev-Test": {
+							Service:     "dev-Test",
+							Rule:        "Host(`dev-Test.traefik.test`)",
+							DefaultRule: true,
+						},
+					},
+					Middlewares: map[string]*dynamic.Middleware{},
+					Services: map[string]*dynamic.Service{
+						"dev-Test": {
+							LoadBalancer: &dynamic.ServersLoadBalancer{
+								Servers: []dynamic.Server{
+									{
+										URL: "http://127.0.0.1:9999",
+									},
+								},
+								PassHostHeader: Bool(true),
+								ResponseForwarding: &dynamic.ResponseForwarding{
+									FlushInterval: ptypes.Duration(100 * time.Millisecond),
+								},
+							},
+						},
+					},
+					ServersTransports: map[string]*dynamic.ServersTransport{},
+				},
+				TLS: &dynamic.TLSConfiguration{
+					Stores: map[string]tls.Store{
+						"default": {
+							DefaultGeneratedCert: &tls.GeneratedCert{
+								Resolver: "foobar",
+								Domain: &types.Domain{
+									Main: "foobar",
+									SANs: []string{"foobar", "fiibar"},
+								},
+							},
+						},
+					},
+				},
 			},
 		},
 	}
--- a/pkg/provider/traefik/fixtures/api_insecure_with_dashboard.json
+++ b/pkg/provider/traefik/fixtures/api_insecure_with_dashboard.json
@ -7,7 +7,7 @@
        ],
        "service": "api@internal",
        "rule": "PathPrefix(`/api`)",
-        "priority": 2147483646
+        "priority": 9223372036854775806
      },
      "dashboard": {
        "entryPoints": [
@ -19,7 +19,7 @@
        ],
        "service": "dashboard@internal",
        "rule": "PathPrefix(`/`)",
-        "priority": 2147483645
+        "priority": 9223372036854775805
      }
    },
    "services": {
@ -47,4 +47,4 @@
  },
  "tcp": {},
  "tls": {}
-}
+}
--- a/pkg/provider/traefik/fixtures/api_insecure_without_dashboard.json
+++ b/pkg/provider/traefik/fixtures/api_insecure_without_dashboard.json
@ -7,7 +7,7 @@
        ],
        "service": "api@internal",
        "rule": "PathPrefix(`/api`)",
-        "priority": 2147483646
+        "priority": 9223372036854775806
      }
    },
    "services": {
@ -17,4 +17,4 @@
  },
  "tcp": {},
  "tls": {}
-}
+}
--- a/pkg/provider/traefik/fixtures/full_configuration.json
+++ b/pkg/provider/traefik/fixtures/full_configuration.json
@ -7,7 +7,7 @@
        ],
        "service": "api@internal",
        "rule": "PathPrefix(`/api`)",
-        "priority": 2147483646
+        "priority": 9223372036854775806
      },
      "dashboard": {
        "entryPoints": [
@ -19,7 +19,7 @@
        ],
        "service": "dashboard@internal",
        "rule": "PathPrefix(`/`)",
-        "priority": 2147483645
+        "priority": 9223372036854775805
      },
      "debug": {
        "entryPoints": [
@ -27,7 +27,7 @@
        ],
        "service": "api@internal",
        "rule": "PathPrefix(`/debug`)",
-        "priority": 2147483646
+        "priority": 9223372036854775806
      },
      "ping": {
        "entryPoints": [
@ -35,7 +35,7 @@
        ],
        "service": "ping@internal",
        "rule": "PathPrefix(`/ping`)",
-        "priority": 2147483647
+        "priority": 9223372036854775807
      },
      "prometheus": {
        "entryPoints": [
@ -43,7 +43,7 @@
        ],
        "service": "prometheus@internal",
        "rule": "PathPrefix(`/metrics`)",
-        "priority": 2147483647
+        "priority": 9223372036854775807
      },
      "rest": {
        "entryPoints": [
@ -51,7 +51,7 @@
        ],
        "service": "rest@internal",
        "rule": "PathPrefix(`/api/providers`)",
-        "priority": 2147483647
+        "priority": 9223372036854775807
      }
    },
    "services": {
@ -82,4 +82,4 @@
  },
  "tcp": {},
  "tls": {}
-}
+}
--- a/pkg/provider/traefik/fixtures/ping_simple.json
+++ b/pkg/provider/traefik/fixtures/ping_simple.json
@ -7,7 +7,7 @@
        ],
        "service": "ping@internal",
        "rule": "PathPrefix(`/ping`)",
-        "priority": 2147483647
+        "priority": 9223372036854775807
      }
    },
    "services": {
@ -17,4 +17,4 @@
  },
  "tcp": {},
  "tls": {}
-}
+}
--- a/pkg/provider/traefik/fixtures/prometheus_simple.json
+++ b/pkg/provider/traefik/fixtures/prometheus_simple.json
@ -7,7 +7,7 @@
        ],
        "service": "prometheus@internal",
        "rule": "PathPrefix(`/metrics`)",
-        "priority": 2147483647
+        "priority": 9223372036854775807
      }
    },
    "services": {
@ -17,4 +17,4 @@
  },
  "tcp": {},
  "tls": {}
-}
+}
--- a/pkg/provider/traefik/fixtures/rest_insecure.json
+++ b/pkg/provider/traefik/fixtures/rest_insecure.json
@ -7,7 +7,7 @@
        ],
        "service": "rest@internal",
        "rule": "PathPrefix(`/api/providers`)",
-        "priority": 2147483647
+        "priority": 9223372036854775807
      }
    },
    "services": {
@ -17,4 +17,4 @@
  },
  "tcp": {},
  "tls": {}
-}
+}
--- a/pkg/provider/traefik/internal.go
+++ b/pkg/provider/traefik/internal.go
@ -108,7 +108,7 @@ func (i *Provider) acme(cfg *dynamic.Configuration) {
 			Rule:        "PathPrefix(`/.well-known/acme-challenge/`)",
 			EntryPoints: eps,
 			Service:     "acme-http@internal",
-			Priority:    math.MaxInt32,
+			Priority:    math.MaxInt,
 		}

 		cfg.HTTP.Routers["acme-http"] = rt
@ -239,7 +239,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {
 		cfg.HTTP.Routers["api"] = &dynamic.Router{
 			EntryPoints: []string{defaultInternalEntryPointName},
 			Service:     "api@internal",
-			Priority:    math.MaxInt32 - 1,
+			Priority:    math.MaxInt - 1,
 			Rule:        "PathPrefix(`/api`)",
 		}

@ -247,7 +247,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {
 			cfg.HTTP.Routers["dashboard"] = &dynamic.Router{
 				EntryPoints: []string{defaultInternalEntryPointName},
 				Service:     "dashboard@internal",
-				Priority:    math.MaxInt32 - 2,
+				Priority:    math.MaxInt - 2,
 				Rule:        "PathPrefix(`/`)",
 				Middlewares: []string{"dashboard_redirect@internal", "dashboard_stripprefix@internal"},
 			}
@ -268,7 +268,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {
 			cfg.HTTP.Routers["debug"] = &dynamic.Router{
 				EntryPoints: []string{defaultInternalEntryPointName},
 				Service:     "api@internal",
-				Priority:    math.MaxInt32 - 1,
+				Priority:    math.MaxInt - 1,
 				Rule:        "PathPrefix(`/debug`)",
 			}
 		}
@ -290,7 +290,7 @@ func (i *Provider) pingConfiguration(cfg *dynamic.Configuration) {
 		cfg.HTTP.Routers["ping"] = &dynamic.Router{
 			EntryPoints: []string{i.staticCfg.Ping.EntryPoint},
 			Service:     "ping@internal",
-			Priority:    math.MaxInt32,
+			Priority:    math.MaxInt,
 			Rule:        "PathPrefix(`/ping`)",
 		}
 	}
@ -307,7 +307,7 @@ func (i *Provider) restConfiguration(cfg *dynamic.Configuration) {
 		cfg.HTTP.Routers["rest"] = &dynamic.Router{
 			EntryPoints: []string{defaultInternalEntryPointName},
 			Service:     "rest@internal",
-			Priority:    math.MaxInt32,
+			Priority:    math.MaxInt,
 			Rule:        "PathPrefix(`/api/providers`)",
 		}
 	}
@ -324,7 +324,7 @@ func (i *Provider) prometheusConfiguration(cfg *dynamic.Configuration) {
 		cfg.HTTP.Routers["prometheus"] = &dynamic.Router{
 			EntryPoints: []string{i.staticCfg.Metrics.Prometheus.EntryPoint},
 			Service:     "prometheus@internal",
-			Priority:    math.MaxInt32,
+			Priority:    math.MaxInt,
 			Rule:        "PathPrefix(`/metrics`)",
 		}
 	}
--- a/pkg/redactor/redactor.go
+++ b/pkg/redactor/redactor.go
@ -83,7 +83,7 @@ func doOnStruct(field reflect.Value, tag string, redactByDefault bool) error {
 			}
 		}
 	case reflect.Struct:
-		for i := 0; i < field.NumField(); i++ {
+		for i := range field.NumField() {
 			fld := field.Field(i)
 			stField := field.Type().Field(i)
 			if !isExported(stField) {
@ -138,7 +138,7 @@ func doOnStruct(field reflect.Value, tag string, redactByDefault bool) error {
 			}
 		}
 	case reflect.Slice:
-		for j := 0; j < field.Len(); j++ {
+		for j := range field.Len() {
 			if err := doOnStruct(field.Index(j), tag, redactByDefault); err != nil {
 				return err
 			}
@ -179,7 +179,7 @@ func reset(field reflect.Value, name string) error {
 			switch field.Type().Elem().Kind() {
 			case reflect.String:
 				slice := reflect.MakeSlice(field.Type(), field.Len(), field.Len())
-				for j := 0; j < field.Len(); j++ {
+				for j := range field.Len() {
 					slice.Index(j).SetString(maskShort)
 				}
 				field.Set(slice)
--- a/pkg/server/aggregator.go
+++ b/pkg/server/aggregator.go
@ -1,6 +1,8 @@
 package server

 import (
+	"slices"
+
 	"github.com/go-acme/lego/v4/challenge/tlsalpn01"
 	"github.com/rs/zerolog/log"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
@ -98,7 +100,7 @@ func mergeConfiguration(configurations dynamic.Configurations, defaultEntryPoint

 		if configuration.TLS != nil {
 			for _, cert := range configuration.TLS.Certificates {
-				if containsACMETLS1(cert.Stores) && pvd != "tlsalpn.acme" {
+				if slices.Contains(cert.Stores, tlsalpn01.ACMETLS1Protocol) && pvd != "tlsalpn.acme" {
 					continue
 				}

@ -127,14 +129,14 @@ func mergeConfiguration(configurations dynamic.Configurations, defaultEntryPoint
 	}

 	if len(defaultTLSStoreProviders) > 1 {
-		log.Error().Msgf("Default TLS Stores defined multiple times in %v", defaultTLSOptionProviders)
+		log.Error().Msgf("Default TLS Store defined in multiple providers: %v", defaultTLSStoreProviders)
 		delete(conf.TLS.Stores, tls.DefaultTLSStoreName)
 	}

 	if len(defaultTLSOptionProviders) == 0 {
 		conf.TLS.Options[tls.DefaultTLSConfigName] = tls.DefaultTLSOptions
 	} else if len(defaultTLSOptionProviders) > 1 {
-		log.Error().Msgf("Default TLS Options defined multiple times in %v", defaultTLSOptionProviders)
+		log.Error().Msgf("Default TLS Options defined in multiple providers %v", defaultTLSOptionProviders)
 		// We do not set an empty tls.TLS{} as above so that we actually get a "cascading failure" later on,
 		// i.e. routers depending on this missing TLS option will fail to initialize as well.
 		delete(conf.TLS.Options, tls.DefaultTLSConfigName)
@ -212,13 +214,3 @@ func applyModel(cfg dynamic.Configuration) dynamic.Configuration {

 	return cfg
 }
-
-func containsACMETLS1(stores []string) bool {
-	for _, store := range stores {
-		if store == tlsalpn01.ACMETLS1Protocol {
-			return true
-		}
-	}
-
-	return false
-}
--- a/pkg/server/configurationwatcher_test.go
+++ b/pkg/server/configurationwatcher_test.go
@ -311,7 +311,7 @@ func TestListenProvidersThrottleProviderConfigReload(t *testing.T) {
 		throttleDuration: 30 * time.Millisecond,
 	}

-	for i := 0; i < 5; i++ {
+	for i := range 5 {
 		pvd.messages = append(pvd.messages, dynamic.Message{
 			ProviderName: "mock",
 			Configuration: &dynamic.Configuration{
--- a/pkg/server/middleware/middlewares.go
+++ b/pkg/server/middleware/middlewares.go
@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net/http"
 	"reflect"
+	"slices"
 	"strings"

 	"github.com/containous/alice"
@ -99,7 +100,7 @@ func checkRecursion(ctx context.Context, middlewareName string) (context.Context
 	if !ok {
 		currentStack = []string{}
 	}
-	if inSlice(middlewareName, currentStack) {
+	if slices.Contains(currentStack, middlewareName) {
 		return ctx, fmt.Errorf("could not instantiate middleware %s: recursion detected in %s", middlewareName, strings.Join(append(currentStack, middlewareName), "->"))
 	}
 	return context.WithValue(ctx, middlewareStackKey, append(currentStack, middlewareName)), nil
@ -392,12 +393,3 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
 	// this would not enable tracing.
 	return observability.WrapMiddleware(ctx, middleware), nil
 }
-
-func inSlice(element string, stack []string) bool {
-	for _, value := range stack {
-		if value == element {
-			return true
-		}
-	}
-	return false
-}
--- a/pkg/server/middleware/tcp/middlewares.go
+++ b/pkg/server/middleware/tcp/middlewares.go
@ -3,6 +3,7 @@ package tcpmiddleware
 import (
 	"context"
 	"fmt"
+	"slices"
 	"strings"

 	"github.com/rs/zerolog/log"
@ -74,7 +75,7 @@ func checkRecursion(ctx context.Context, middlewareName string) (context.Context
 		currentStack = []string{}
 	}

-	if inSlice(middlewareName, currentStack) {
+	if slices.Contains(currentStack, middlewareName) {
 		return ctx, fmt.Errorf("could not instantiate middleware %s: recursion detected in %s", middlewareName, strings.Join(append(currentStack, middlewareName), "->"))
 	}

@ -118,12 +119,3 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (

 	return middleware, nil
 }
-
-func inSlice(element string, stack []string) bool {
-	for _, value := range stack {
-		if value == element {
-			return true
-		}
-	}
-	return false
-}
--- a/pkg/server/router/router_test.go
+++ b/pkg/server/router/router_test.go
@ -817,7 +817,7 @@ func BenchmarkRouterServe(b *testing.B) {

 	reqHost := requestdecorator.New(nil)
 	b.ReportAllocs()
-	for i := 0; i < b.N; i++ {
+	for range b.N {
 		reqHost.ServeHTTP(w, req, handlers["web"].ServeHTTP)
 	}
 }
@ -852,7 +852,7 @@ func BenchmarkService(b *testing.B) {

 	handler, _ := serviceManager.BuildHTTP(context.Background(), "foo-service")
 	b.ReportAllocs()
-	for i := 0; i < b.N; i++ {
+	for range b.N {
 		handler.ServeHTTP(w, req)
 	}
 }
--- a/pkg/server/server_entrypoint_tcp_test.go
+++ b/pkg/server/server_entrypoint_tcp_test.go
@ -112,7 +112,7 @@ func testShutdown(t *testing.T, router *tcprouter.Router) {
 	// but technically also as early as the Shutdown has closed the listener,
 	// i.e. during the shutdown and before the gracetime is over.
 	var testOk bool
-	for i := 0; i < 10; i++ {
+	for range 10 {
 		loopConn, err := net.Dial("tcp", epAddr)
 		if err == nil {
 			loopConn.Close()
@ -141,7 +141,7 @@ func startEntrypoint(entryPoint *TCPEntryPoint, router *tcprouter.Router) (net.C

 	entryPoint.SwitchRouter(router)

-	for i := 0; i < 10; i++ {
+	for range 10 {
 		conn, err := net.Dial("tcp", entryPoint.listener.Addr().String())
 		if err != nil {
 			time.Sleep(100 * time.Millisecond)
--- a/pkg/server/service/loadbalancer/mirror/mirror_test.go
+++ b/pkg/server/service/loadbalancer/mirror/mirror_test.go
@ -32,7 +32,7 @@ func TestMirroringOn100(t *testing.T) {
 	}), 50)
 	assert.NoError(t, err)

-	for i := 0; i < 100; i++ {
+	for range 100 {
 		mirror.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest(http.MethodGet, "/", nil))
 	}

@ -61,7 +61,7 @@ func TestMirroringOn10(t *testing.T) {
 	}), 50)
 	assert.NoError(t, err)

-	for i := 0; i < 10; i++ {
+	for range 10 {
 		mirror.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest(http.MethodGet, "/", nil))
 	}

@ -156,7 +156,7 @@ func TestMirroringWithBody(t *testing.T) {

 	mirror := New(handler, pool, defaultMaxBodySize, nil)

-	for i := 0; i < numMirrors; i++ {
+	for range numMirrors {
 		err := mirror.AddMirror(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 			assert.NotNil(t, r.Body)
 			bb, err := io.ReadAll(r.Body)
--- a/pkg/server/service/loadbalancer/wrr/wrr_test.go
+++ b/pkg/server/service/loadbalancer/wrr/wrr_test.go
@ -24,7 +24,7 @@ func TestBalancer(t *testing.T) {
 	}), Int(1))

 	recorder := &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}}
-	for i := 0; i < 4; i++ {
+	for range 4 {
 		balancer.ServeHTTP(recorder, httptest.NewRequest(http.MethodGet, "/", nil))
 	}

@ -52,7 +52,7 @@ func TestBalancerOneServerZeroWeight(t *testing.T) {
 	balancer.Add("second", http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {}), Int(0))

 	recorder := &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}}
-	for i := 0; i < 3; i++ {
+	for range 3 {
 		balancer.ServeHTTP(recorder, httptest.NewRequest(http.MethodGet, "/", nil))
 	}

@ -97,7 +97,7 @@ func TestBalancerOneServerDown(t *testing.T) {
 	balancer.SetStatus(context.WithValue(context.Background(), serviceName, "parent"), "second", false)

 	recorder := &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}}
-	for i := 0; i < 3; i++ {
+	for range 3 {
 		balancer.ServeHTTP(recorder, httptest.NewRequest(http.MethodGet, "/", nil))
 	}

@ -119,14 +119,14 @@ func TestBalancerDownThenUp(t *testing.T) {
 	balancer.SetStatus(context.WithValue(context.Background(), serviceName, "parent"), "second", false)

 	recorder := &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}}
-	for i := 0; i < 3; i++ {
+	for range 3 {
 		balancer.ServeHTTP(recorder, httptest.NewRequest(http.MethodGet, "/", nil))
 	}
 	assert.Equal(t, 3, recorder.save["first"])

 	balancer.SetStatus(context.WithValue(context.Background(), serviceName, "parent"), "second", true)
 	recorder = &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}}
-	for i := 0; i < 2; i++ {
+	for range 2 {
 		balancer.ServeHTTP(recorder, httptest.NewRequest(http.MethodGet, "/", nil))
 	}
 	assert.Equal(t, 1, recorder.save["first"])
@ -168,7 +168,7 @@ func TestBalancerPropagate(t *testing.T) {
 	})

 	recorder := &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}}
-	for i := 0; i < 8; i++ {
+	for range 8 {
 		topBalancer.ServeHTTP(recorder, httptest.NewRequest(http.MethodGet, "/", nil))
 	}
 	assert.Equal(t, 2, recorder.save["first"])
@ -181,7 +181,7 @@ func TestBalancerPropagate(t *testing.T) {
 	// fourth gets downed, but balancer2 still up since third is still up.
 	balancer2.SetStatus(context.WithValue(context.Background(), serviceName, "top"), "fourth", false)
 	recorder = &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}}
-	for i := 0; i < 8; i++ {
+	for range 8 {
 		topBalancer.ServeHTTP(recorder, httptest.NewRequest(http.MethodGet, "/", nil))
 	}
 	assert.Equal(t, 2, recorder.save["first"])
@ -195,7 +195,7 @@ func TestBalancerPropagate(t *testing.T) {
 	// down as well for topBalancer.
 	balancer2.SetStatus(context.WithValue(context.Background(), serviceName, "top"), "third", false)
 	recorder = &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}}
-	for i := 0; i < 8; i++ {
+	for range 8 {
 		topBalancer.ServeHTTP(recorder, httptest.NewRequest(http.MethodGet, "/", nil))
 	}
 	assert.Equal(t, 4, recorder.save["first"])
@ -246,7 +246,7 @@ func TestSticky(t *testing.T) {
 	}

 	req := httptest.NewRequest(http.MethodGet, "/", nil)
-	for i := 0; i < 3; i++ {
+	for range 3 {
 		for _, cookie := range recorder.Result().Cookies() {
 			assert.NotContains(t, "test=first", cookie.Value)
 			assert.NotContains(t, "test=second", cookie.Value)
@ -284,7 +284,7 @@ func TestSticky_FallBack(t *testing.T) {

 	req := httptest.NewRequest(http.MethodGet, "/", nil)
 	req.AddCookie(&http.Cookie{Name: "test", Value: "second"})
-	for i := 0; i < 3; i++ {
+	for range 3 {
 		recorder.ResponseRecorder = httptest.NewRecorder()

 		balancer.ServeHTTP(recorder, req)
@ -311,7 +311,7 @@ func TestBalancerBias(t *testing.T) {

 	recorder := &responseRecorder{ResponseRecorder: httptest.NewRecorder(), save: map[string]int{}}

-	for i := 0; i < 14; i++ {
+	for range 14 {
 		balancer.ServeHTTP(recorder, httptest.NewRequest(http.MethodGet, "/", nil))
 	}

--- a/pkg/server/service/proxy_test.go
+++ b/pkg/server/service/proxy_test.go
@ -31,7 +31,7 @@ func BenchmarkProxy(b *testing.B) {
 	handler := buildSingleHostProxy(req.URL, false, 0, &staticTransport{res}, pool)

 	b.ReportAllocs()
-	for i := 0; i < b.N; i++ {
+	for range b.N {
 		handler.ServeHTTP(w, req)
 	}
 }
--- a/pkg/server/service/roundtripper.go
+++ b/pkg/server/service/roundtripper.go
@ -9,6 +9,7 @@ import (
 	"net"
 	"net/http"
 	"reflect"
+	"slices"
 	"strings"
 	"sync"
 	"time"
@ -241,12 +242,9 @@ func (k *KerberosRoundTripper) RoundTrip(request *http.Request) (*http.Response,
 }

 func containsNTLMorNegotiate(h []string) bool {
-	for _, s := range h {
-		if strings.HasPrefix(s, "NTLM") || strings.HasPrefix(s, "Negotiate") {
-			return true
-		}
-	}
-	return false
+	return slices.ContainsFunc(h, func(s string) bool {
+		return strings.HasPrefix(s, "NTLM") || strings.HasPrefix(s, "Negotiate")
+	})
 }

 func createRootCACertPool(rootCAs []types.FileOrContent) *x509.CertPool {
--- a/pkg/server/service/roundtripper_test.go
+++ b/pkg/server/service/roundtripper_test.go
@ -150,7 +150,7 @@ func TestKeepConnectionWhenSameConfiguration(t *testing.T) {
 		},
 	}

-	for i := 0; i < 10; i++ {
+	for range 10 {
 		rtManager.Update(dynamicConf)

 		tr, err := rtManager.Get("test")
--- a/pkg/server/service/service.go
+++ b/pkg/server/service/service.go
@ -89,7 +89,7 @@ func (m *Manager) BuildHTTP(rootCtx context.Context, serviceName string) (http.H

 	value := reflect.ValueOf(*conf.Service)
 	var count int
-	for i := 0; i < value.NumField(); i++ {
+	for i := range value.NumField() {
 		if !value.Field(i).IsNil() {
 			count++
 		}
--- a/pkg/tcp/wrr_load_balancer_test.go
+++ b/pkg/tcp/wrr_load_balancer_test.go
@ -135,7 +135,7 @@ func TestLoadBalancing(t *testing.T) {
 			}

 			conn := &fakeConn{writeCall: make(map[string]int)}
-			for i := 0; i < test.totalCall; i++ {
+			for range test.totalCall {
 				balancer.ServeTCP(conn)
 			}

--- a/pkg/tls/tls.go
+++ b/pkg/tls/tls.go
@ -40,7 +40,7 @@ func (o *Options) SetDefaults() {

 // Store holds the options for a given Store.
 type Store struct {
-	DefaultCertificate   *Certificate   `json:"defaultCertificate,omitempty" toml:"defaultCertificate,omitempty" yaml:"defaultCertificate,omitempty" export:"true"`
+	DefaultCertificate   *Certificate   `json:"defaultCertificate,omitempty" toml:"defaultCertificate,omitempty" yaml:"defaultCertificate,omitempty" label:"-" export:"true"`
 	DefaultGeneratedCert *GeneratedCert `json:"defaultGeneratedCert,omitempty" toml:"defaultGeneratedCert,omitempty" yaml:"defaultGeneratedCert,omitempty" export:"true"`
 }

--- a/pkg/tls/tlsmanager.go
+++ b/pkg/tls/tlsmanager.go
@ -6,6 +6,7 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
+	"slices"
 	"strings"
 	"sync"

@ -189,7 +190,7 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) {
 	tlsConfig.GetCertificate = func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		domainToCheck := types.CanonicalDomain(clientHello.ServerName)

-		if isACMETLS(clientHello) {
+		if slices.Contains(clientHello.SupportedProtos, tlsalpn01.ACMETLS1Protocol) {
 			certificate := acmeTLSStore.GetBestCertificate(clientHello)
 			if certificate == nil {
 				log.Debug().Msgf("TLS: no certificate for TLSALPN challenge: %s", domainToCheck)
@ -427,13 +428,3 @@ func buildDefaultCertificate(defaultCertificate *Certificate) (*tls.Certificate,
 	}
 	return &cert, nil
 }
-
-func isACMETLS(clientHello *tls.ClientHelloInfo) bool {
-	for _, proto := range clientHello.SupportedProtos {
-		if proto == tlsalpn01.ACMETLS1Protocol {
-			return true
-		}
-	}
-
-	return false
-}
--- a/pkg/types/http_code_range.go
+++ b/pkg/types/http_code_range.go
@ -1,6 +1,7 @@
 package types

 import (
+	"slices"
 	"strconv"
 	"strings"
 )
@ -34,10 +35,7 @@ func NewHTTPCodeRanges(strBlocks []string) (HTTPCodeRanges, error) {

 // Contains tests whether the passed status code is within one of its HTTP code ranges.
 func (h HTTPCodeRanges) Contains(statusCode int) bool {
-	for _, block := range h {
-		if statusCode >= block[0] && statusCode <= block[1] {
-			return true
-		}
-	}
-	return false
+	return slices.ContainsFunc(h, func(block [2]int) bool {
+		return statusCode >= block[0] && statusCode <= block[1]
+	})
 }
--- a/pkg/udp/conn_test.go
+++ b/pkg/udp/conn_test.go
@ -197,7 +197,7 @@ func testTimeout(t *testing.T, withRead bool) {
 		}
 	}()

-	for i := 0; i < 10; i++ {
+	for range 10 {
 		udpConn2, err := net.Dial("udp", ln.Addr().String())
 		require.NoError(t, err)